On 20.02.26 21:52, Thom Wiggers wrote:
On the subject of “have KEMs instead of ECDH for TLS 1.3 been analyzed”, the answer is, very simply: yes. The first few steps of my proof for KEMTLS prove exactly this [0], and you can directly copy-paste these into the computational analysis of TLS 1.3 by Dowling et al. [1].
Thanks very much Thom. I will read it and may have questions. I suggest to add some relevant text and cite Thom's thesis in the draft.Though, from a process perspective, I am still not sure how someone's thesis can substitute FATT review and FATT report. I believe the thesis can be given as an input to FATT, but I don't really see how it can constitute FATT output. As it stands, FATT review and FATT report are both still missing in the process.
-Usama
[0] https://thomwiggers.nl/p/thesis/ [1] https://eprint.iacr.org/2020/1044
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
